CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38674 – Reflected XSS Vulnerability in TFTP
https://notcve.org/view.php?id=CVE-2021-38674
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta a QTS, QuTS hero y QuTScloud. Si es explotado, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QTS, QuTS hero y QuTScloud: QuTS hero h4.5.4.1771 build 20210825 y posteriores QTS 4.5.4.1787 build 20210910 y posteriores QuTScloud c4.5.7.1864 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38688 – Improper Authentication in Qfile
https://notcve.org/view.php?id=CVE-2021-38688
An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise app and access information We have already fixed this vulnerability in the following versions of Qfile: Qfile 3.0.0.1105 and later Se ha informado de una vulnerabilidad de autenticación inapropiada que afecta a la aplicación Qfile de Android. Si es explotado, esta vulnerabilidad permite a atacantes comprometer la aplicación y acceder a la información. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Qfile: Qfile 3.0.0.1105 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-55 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-38687 – Stack Overflow Vulnerability in Surveillance Station
https://notcve.org/view.php?id=CVE-2021-38687
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later Se ha informado de una vulnerabilidad de desbordamiento del búfer de la pila que afecta al NAS de QNAP que ejecuta Surveillance Station. Si es explotado, esta vulnerabilidad permite a atacantes ejecutar código arbitrario. Ya hemos solucionado esta vulnerabilidad en las siguientes versiones de Surveillance Station: QTS versiones 5.0.0 (64 bits): Surveillance Station versiones 5.2.0.4.2 (26/10/2021) y posteriores QTS versiones 5.0.0 (32 bits): Surveillance Station versiones 5.2.0.3.2 (26/10/2021) y posteriores QTS versiones 4.3.6 (64 bits): Surveillance Station versiones 5.1.5.4.6 (26/10/2021) y posteriores QTS versiones 4.3.6 (32 bits): Surveillance Station versiones 5.1.5.3.6 (26/10/2021) y posteriores QTS versiones 4.3.3: Surveillance Station versiones 5.1.5.3.6 (26/10/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-46 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38680 – Reflected XSS in Kazoo Server
https://notcve.org/view.php?id=CVE-2021-38680
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS)que afecta al dispositivo de QNAP que ejecuta Kazoo Server. Si es explotado, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Kazoo Server: Kazoo Server 4.11.20 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-54 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38686 – Improper Authentication Vulnerability in VioStor
https://notcve.org/view.php?id=CVE-2021-38686
An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later Se ha informado de una vulnerabilidad de autenticación inapropiada que afecta al dispositivo de QNAP, VioStor. Si es explotada, esta vulnerabilidad permite a atacantes comprometer la seguridad del sistema. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QVR: QVR FW 5.1.6 build 20211109 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-52 • CWE-287: Improper Authentication •